Practical Anonymous Access Control Protocols for Ubiquitous Computing

ABSTRACT

Privacy has been a central concern of ubiquitous (pervasive) computing. The boundary between private and public moves dynamically depending on the context in which the issue is considered. As for access control in ubiquitous computing, the concept of consensual disclosure answers the question of where the boundary should be drawn: unless a user gives explicit consent to disclosing their identity, perfect privacy, that is, anonymity and unlinkability, is supported. This paper presents concrete protocols for anonymous and unlinkable access control that are appropriate for ubiquitous computing, partly in the sense that they support consensual disclosure. The protocols presented in this paper are practical because they are efficient and based on a model that represents the real world. In particular, they support a characteristic of the key transfer: a service appliance acquires the keys to decrypt the contents of services if, and only if, it accepts the proof of access rights presented by a user and can prove that it is trusted by the service provider. Moreover, the protocols are provably secure.

This study has been sponsored by the Ministry of Economy, Trade and Industry, Japan (METI) under contract, New-generation Information Security R&D Program.